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The Legislative Audit Committee 
of the Montana State Legislature: 


We have reviewed and tested to the extent we considered 
necessary the procedures and controls for the Information Process- 
ing Facility, the Statewide Budgeting and Accounting System 
(SBAS), the Warrant Writing System, and the Central Payroll 
System of the State of Montana during the fiscal year ended June 
30, 1982. 

Our review and tests were limited to the systems listed above 
and did not include consideration of procedures or controls per- 
formed by users of the facility and the systems. 

The attached report includes a description of the systems 
tested, the scope of our review, and a description of the tests 
performed and the results of these tests. The internal contro! 
review of the Information Pracessing Facility was limited to tests of 
controls ensuring operating systems security, segregation of func- 
tions, physical security, data security, and disaster recovery. We 
did not examine controls for applications utilizing the Integrated 
Data Management System data base. 

In our opinion, the internal controls in the Information Process- 


ing Facility and the system controls for the Statewide Budgeting and 


Accounting System, the Warrant Writing System, and the Central 
Payroll System for the fiscal year ended June 30, 1982 conformed 
to the accompanying descriptions. However, we found inadequacies 
exist as noted in the following pages. 

Because our review and tests were limited to the attached 
system descriptions and the related procedures performed by the 
Information Processing Facility and did not extend to procedures 
performed by users of the facility, we express no opinion on the 
adequacy of internal accounting controls as they apply to either a 
specific user of the Information Processing Facility or to the facility 
itself. 

The attached report is intended for use by auditors as a 
basis for reliance on these centralized state operations in the 
performance of fiscal year 1981-82 audits of state agencies. 

Respectfully submitted, 


A QUE 


August 27, 1982 James H. Gillett, CPA 
Deputy Legislative Auditor 
Financial/Compliance & Contract Audits 


Approved by: 


ate oe 


Robert R. Ringwood 
Legislative Auditor 


TABLE OF CONTENTS 


Opinion 
General 
Information Processing Facility Internal Control Review 
Background 
Data Entry 
Operating System Security 
Segregation of Duties 
Output Distribution 
Physical Security 
Data Security 
Disaster Recovery 
Central Payroll System 
Background 
Input Controls 
Processing Controls 
Output Controls 
Disaster Recovery 
SBAS 
Background 
Input Controls 
Hard Copy Input 


RJE and Magnetic Tape Input 


Daily Batch Reconciliation 
Validity Edits 


Suspense File Corrections 


10 
10 


TABLE OF CONTENTS (Continued) 


Processing Controls 
Run-to-run Totals 
Update Edits 

Output Controls 
Balancing Controls 
Report Distribution 

Year-end Cutoff 

Cash Elimination 

SBAS Closing 

Disaster Recovery 

Miscellaneous 
Non-Treasury Cash Accounts 

Warrant Writing System 

Background 

Input Controls 

Processing Controls 
Warrant Writing 
Warrant Redemption 

Output Controls 


Disaster Recovery 


REPORT ON CENTRAL SYSTEMS REVIEW 
FOR THE FISCAL YEAR 1981-82 

GENERAL 

This report is the result of our review of certain centralized 
operations of the state of Montana for the fiscal year ended June 30, 
1982. The first part of the report discusses the overall security 
and controls of the Computer Services Division. These controls 
affect all data processing users. The second, third, and fourth 
parts discuss the Central Payroll System, the Statewide Budgeting 
and Accounting System, and the Warrant Writing System, respec- 
tively. We performed application reviews of these systems to 
evaluate the integrity and effectiveness of the systems. 
INFORMATION PROCESSING FACILITY INTERNAL CONTROL REVIEW 

Background 

The Department of Administration, Computer Services Division 
(CSD), manages and operates the Information Processing Facility 
(IPF) for the state of Montana. The IPF handles data processing 
applications for various state agencies. The scope of our review 
of the IPF included evaluation and testing of critical internal 
controls over operations, hardware, software, and security that 
ensure integrity and safeguards over processing agency data. 

Data enters the system through various media. Most common 
are hard copy documents (converted to machine readable format), 
magnetic tape, and on-line transmissions (teleprocessing). Process- 
ing is performed on an IBM 3033 processor using the IBM MVS 
operating system. Three shifts of employees maintain operation of 


the system 24 hours a day, 7 days a week. 


Output is available as hard copy reports, magnetic tape or 
disk data files, and on-line transmissions. 

We examined centralized controls over data entry, processing, 
distribution of output, physical security, and disaster recovery. 
Our examination tested the integrity of processing and security 
over data at the facility. 

Descriptions of IPF procedures can be found in the Computer 
Services Division Manual of Standards. 

Data Entry 

We reviewed data entry procedures at the CSD Data Entry 

Section. Controis were adequate to ensure data conversion was 


accurately performed by Data Entry Section employees. We did not 


review data entry procedures at other agencies. 


Operating System Security 
CSD utilizes IBM's MVS operating system. Security and 


integrity were major design objectives of the MVS operating system. 
{t is the responsibility of the user installation to ensure designed 
controls are utilized. 

Weaknesses were noted in access controls over certain 
programs that are assigned special properties. These weaknesses 
allow persons with technical knowledge to bypass certain controls 
designed into the operating system (password protection for 
example). Bypassing these controls could allow unauthorized 
access to applications or data files. 

CSD has purchased a new system security package. They 


will begin testing the system in August or September 1982 and will 


implement it as soon as possible thereafter. The new security 
system should enable CSD to greatly reduce the internal control 
weakness noted above. 
Segregation of Duties 
Segregation of duties at the facility was adequate during the 
audit period. 
Output Distribution 
We found hard copy distribution controls for applications run 
at CSD to be adequate. Controis were adequate to ensure magnetic 
tapes are released only to authorized persons. On-line output 
controls were not examined. 
Physical Security 
We determined physical security at the CSD processing facility 
was adequate. 
Data Security 
Various security options exist for the protection of user data 
files. Passwords are the primary protection method used for 
on-line data-sets. Due to weaknesses noted in the Operating 
System Security Section of this report on page 2, password protec- 
tion is not adequate for sensitive data. We noted in our review 
that few data files were password protected and that protection is 
cumbersome for both Computer Services Division and the user. 
The newly purchased security system will have the ability to 
protect data files through access restrictions not available on the 


present operating system. 


Disaster Recovery 


The Computer Services Division developed a disaster recovery 
contingency plan for the IPF and critical applications. The plan 
calls for an alternate site to be established in the event of a 
disaster. Critical applications included in the plan are the Central 
Payroll System, the All-Purpose Warrant System, SBAS, and the 
Workers' Compensation Division warrant processing system. 

The disaster recovery plan does not call for a fully opera- 
tional pre-disaster site. The intention is to have a alternate site 
which can become fully operational within 30 days of a disaster. 
CSD has agreements for the use of two alternate sites which can 
become fully operational within the above time frame. 

All IPF users are responsible for the backup of their own 
data files. Computer Services Division maintains offsite vaults for 
the storage of backup files. Backup files are moved to these 
vaults at the request of users. We reviewed procedures for offsite 


backup of operating system software and found them adequate. We 


did not review the adequacy of agency offsite backup. 


CENTRAL PAYROLL SYSTEM 
Background 

The State Auditor's Office, Central Payroll Division, is respon- 
sible for the operation, maintenance, and control of the Central 
Payroll System for state government. The Central Payroll System 
processes payroll information for all state agencies, except univer- 
sity system units and the vocational technical centers. The system 
processes biweekly payroll information for approximately 14,000 
state employees. During fiscal year 1981-82, Central Payroll 
Division began operating a new payroll system which incorporates 
Payroll, Personnel, and Position Control information. The division 
employed eight full-time employees during fiscal year 1981-82. 

One of the applications scheduled for the new payroll system 
is leave accounting. This application was not in use during our 

Proper processing of payroll transactions and updating of the 
SBAS records is ensured by the separation of time-keeping, payroll 
preparation, recording, and warrant distribution functions, and 
the following additional controls. 

Input Controls 

Data is entered into the payroll system using hard copy 
payroll forms processed through the Central Payroll Division. 
Division personne! preaudit each document to ensure that no 
obvious errors exist and code the document for keying. The 
preaudit ensures all prepayrolls and payroll status forms contain 
proper agency authorization. Input documents are then batched 
and taken to the Data Entry Section of the Computer Services 


Division. 


Data Entry personnel key and key-verify the changes. 
Unchanged payroll data from the previous run is kept in a hold 
file and does not require rekeying. The Data Entry Section main- 
tains control over payroll transactions by logging all payroll batches 
received from Central Payroll and transferred to the computer 
room. The hard copy documents are returned to Central Payroll 
for filing. 

All payroll transactions are processed through an edit/update 
program that validates the data against master files and predeter- 
mined edits. All transactions which generate payroll warrants are 
balanced against control totals input to the system. Invalid trans- 
actions are rejected and placed in an error file, and an invalid 
change register is printed identifying the errors. 

During prior audits we found that edit routines allowed 
processing of abnormally high hourly wage rates and gross pay 
amounts. The payroll system now identifies excessive wage rates 
and gross pay amounts. 

Rejected transactions are controlled and corrected by the 
Central Payroll Division. Once the errors have been corrected, 
the transactions are again processed through the edit program. 
Procedures used to edit and correct input data minimize errors and 
ensure that corrections are submitted for processing. 

We reviewed input controls to gain reasonable assurance that 
data received for processing has been properly authorized and that 
data has not been lost, suppressed, added, duplicated, or otherwise 
improperly changed. Controls are adequate over the input of 


prepayroll listings, changes in pay rates, and the addition and 


termination of employees. Centralized controls are not adequate to 
ensure other changes submitted on payroll status forms are properly 
input. 

Processing Controls 

We examined the accuracy of the system's calculation of 
employer and employee payroll expenses, withholdings and deduc- 
tions and found no errors in the system's calculations. We also 
tested central payroll transactions for compliance with state and 
federal laws regarding minimum wage requirements and found no 
exceptions. 

System-generated entries of payroll expenditures were traced 
to appropriate SBAS documents and reports. The payroll informa- 
tion was accurately recorded on SBAS. All payroll expenditure 
entries were transferred into the payroll revolving account on 
SBAS. We found the payroll revolving account was not reconciled 
during the audit year. 

Accruals of the last full pay period for fiscal year 1981-82 
were centrally processed by the Central Payroll Division using the 
cash elimination procedures described in Management Memo 2-82-2. 
it was each agency's responsibility to submit partial pay period 
accruals for the period June 25 through June 30, 1982. The 
partial pay period accrual was based on actual hours worked by 
employees. 

We traced payee and amount from Central Payroll reports to 
the cashed warrants kept at the Fiscal Management and Control 
Division of the State Auditor's Office. No discrepancies between 
the warrant information and the system's reported information were 


noted. 


Central Payroll prepares and distributes W-2 forms annually. 
We determined they were prepared and distributed on a timely 
basis. 

Output Controls 

The payroll system produces two types of output: payroll 
reports and payroll warrants. Payroll reports are used to balance, 
reconcile, and manage the system. Balancing procedures exist to 
ensure that input data balances to reported output. We compared 
the payroll figures reported by the Central Payroll System with 
those reported by the Warrant Writing System and SBAS. The 
Warrant Writing System and SBAS adequately report payrall data 
processed by the Central Payroll System. 

Computer Services Division distributes payroll reports to 
Central Payroll. Warrants and the original warrant register go to 
the Fiscal Management and Control Division of the State Auditor's 
Office. The State Auditor's Office then distributes payroll warrants 
as described on page 18 of this report. Central Payroll Division 
distributes payroll reports and a copy of the warrant register to 
each agency. 

Existing output controls ensure that processed data does not 
include unauthorized alterations and that the appropriate reports 
are available for the user agencies. 

Disaster Recovery 

The Central Payroll System is included in the Computer 
Services Division disaster recovery plan discussed on page 4 of 
this report. The Central Payroll Division maintains adequate 


offsite backup files. 


SBAS 
Background 

The Department of Administration, Accounting Division, 
operates the Statewide Budgeting and Accounting System (SBAS). 
SBAS is a double entry system that provides financial information 
that can be used by agency management and others to review and 
control agency financial transactions. 

All transactions are input under the authority of the Account- 
ing Division. The division processed thousands of documents, 
resulting in 5.6 million transactions during fiscal year 1981-82. 

Input Controls 

Data is entered into the system using three media: hard 
copy SBAS forms, magnetic tape, and Remote Job Entry (telecom- 
munication). 

Hard Copy Input 

Hard copy input must be submitted to the Accounting Division. 
Agencies may segregate hard copy documents into batches. The 
Accounting Division batches unbatched input documents, and logs 
batch control totals. The Data Entry Section of the Computer 
Services Division key-enters and key-verifies batches of documents. 
No central review is performed to ensure hard copy input 
documents are properly authorized. 

RJE and Magnetic Tape Input 

During fiscal year 1981-82, five of the six university system 
units Call except Northern Montana College), and the Departments 
of Social and Rehabilitation Services, Highways, Commerce, and 


Fish, Wildlife, and Parks submitted SBAS transactions via Remote 


Job Entry or magnetic tape. Magnetic tape and RJE transactions 
are processed through a reformat program to convert the trans- 
mitted record into a format acceptable by SBAS. The reformat 
program produces a report of control totals which is distributed to 
the Accounting Division and the transmitting agency. The Account- 
ing Division uses this report in its batch reconciliation process. 

Daily Batch Reconciliation 

Following each daily processing run the Accounting Division 
reconciles control totals for all batches input to the control totais 
of documents processed and rejected by validity edits. Reconcilia- 
tion controls are adequate to ensure all SBAS input data received 
by the Accounting Division are input for processing. 

Validity Edits 

Before transactions are allowed to enter the update cycle of 
processing, all transactions are edited by a validity edit routine. 
Documents containing invalid transactions are rejected and placed 
in an error suspense file. A rejected document report is printed 
identifying the errors. Validity edits minimize the number of 
invalid transactions processed. 

Suspense File Corrections 

Documents rejected and output to the suspense file are cor- 
rected using an on-line error correction program. 

The rejected documents for most state agencies are corrected 
by the Accounting Division. The Accounting Division contacts 
agencies with rejected documents by telephone to obtain the correct 


entry. In certain instances the Accounting Division will correct 
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the suspense file for rejected agency documents without notifying 
the agency in advance of the change. Accounting Division notifies 
the agency the following day of the changes made via a "was/is" 
report. The report shows the original transaction ("was") and the 
corrected version ("is"). 

The six university system units and the Departments of 
Health, Commerce, and Fish, Wildlife, and Parks have on-line 
error correction capabilities for documents submitted by their 
agencies. 

The content of the rejected document suspense file is re-input 
for each SBAS daily processing run. Data re-input from the 
suspense file is again processed through the SBAS validity edits. 
Corrected documents enter the processing cycle and documents not 
corrected or only partially corrected reject to the suspense file. 
suspense file to ensure rejected documents are input on the next 
run. A "was/is" report is printed and distributed to the Account- 
ing Division and the agency submitting the document. 

Processing Controls 

Run-to-run Totals 

Run-to-run totals used in the SBAS daily processing ensure 
that transactions input are processed and properly update sub- 
sidiary control ledgers and responsibility center records. 

Update Edits 

The SBAS Daily Processing Program contains update edits to 
prevent the creation of a warrant causing a negative cash or 
appropriation balance. Whenever an agency makes an expenditure 
causing a negative cash or appropriation balance, an edit prevents 


11 


the creation of warrant source records until the balance is again 
positive. The Accounting Division accounts for and controls the 
release of these suppressed warrants. These edits do not prevent 
the processing of transactions causing negative cash or appropria- 
tion balances. 

Output Controls 


Balancing Controls 

The SBAS Month-End Program sorts SBAS control ledgers into 
various formats for the generation of SBAS monthly reports. 

During month-end processing, the control ledgers for each 
accounting entity are balanced to the general ledger for that entity 
to ensure that the general ledger was properly updated. 

Totals on responsibility center and reporting center reports 
are agreed to the totals of the responsibility center control ledgers 
used to create the reports. If the above totals are not in agree- 


ment, the error message * TOTALS DO NOT AGREE * is printed 
on the responsibility center or reporting center report. 

Balancing controls are adequate to ensure the Accounting 
Division or the agency is notified when the general ledger, respon- 
sibility center reports, or reporting center reports disagree with 


subsidiary control ledgers. We did not test and therefore have no 


assurance that program reports agree to the general ledger or to 
control ledgers. 


Report Distribution 
SBAS hard copy and microfiche reports are distributed by the 


Accounting Division. Controls were adequate to ensure a proper 


and timely distribution of both hard copy and microfiche reports. 
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Year-end Cutoff 

Near the end of each fiscal year the Department of Adminis- 
tration delivers cutoff instructions to every agency. it is the 
agency's responsibility to follow these instructions. The documents 
and tapes submitted during the cutoff period are required to be 
clearly marked as to which year they pertain. Agencies submitting 
RJE input are instructed not to transmit new fiscal year data until 
after certain dates. When the division receives transactions that 
are not clearly marked, division personnel call the agency to 
clarify the year to which the transactions pertain. 

We found the Accounting Division's procedures ensured docu- 
ments correctly marked by agencies were input for processing in 
the correct fiscal year. 

Cash Elimination 

Agencies were allowed to pay valid fiscal year 1981-82 obliga- 
tions during the fiscal year-end adjustment period. Cash transac- 
tions following the June 30 cutoff would normally result in a mis- 
statement of cash at year-end. To prevent misstatement, cash 
elimination receivable and payable accounts were established. 
Management Memo 2-82-2 contains a detailed description of the cash 
elimination process. 

Agencies were allowed to record cash transactions during the 
adjustment period except on transfer warrant claims and no-warrant 
transfers, 

SBAS Closing 
The closing of SBAS nominal and budgetary accounts is 


performed automatically in the SBAS closing program. We examined 
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the closing process and found controls adequate to ensure that 
SBAS is properly closed. 
Disaster Recovery 
The CSD disaster recovery plan discussed on page 4 of this 
report includes the SBAS application. Offsite backup of files 
maintained for the SBAS application was adequate. 


Miscellaneous 


Non-Treasury Cash Accounts 


Agency use of non-treasury cash accounts must be approved 
on a form DA-105 by Accounting Division. We examined non- 
treasury cash accounts for proper authorization and found all 


authorization forms tested had Accounting Division approval. 
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WARRANT WRITING SYSTEM 
Background 

The Warrant Writing System controls the creation and distri- 
bution of most state warrants and the redemption of all state 
warrants. The system accounts for state warrants issued, outstand- 
ing, and redeemed. 

Montana State University (MSU) and the University of Montana 
(U of M) create and distribute payroll warrants for their agencies. 


warrants at MSU and U of M. 


Treasury checks written by the Department of Administration, 
Treasury Division, and the Department of Labor and Industry, 


Employment Security Division, are not a part of the warrant writing 


The operation of the warrant writing system is controlled by 
the State Auditor's Office and the Accounting and Treasury Divi- 
sions of the Department of Administration. The State Auditor's 
Office is primarily responsible for the system. The Accounting 
Division initiates the warrant writing function and reconciles the 
system to the Statewide Budgeting and Accounting System (SBAS). 
The Treasury Division controls warrant redemption. 

Input Controls 

The Accounting Division initiates the writing of warrants via 
a request to the Computer Services Division to create warrants 
from specific warrant source files. Once the warrants are created, 
they are sent to the State Auditor's Office for distribution, and a 
copy of the warrant register, detailing all the warrants created, is 
sent to the State Auditor's Office and the Accounting Division. 
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The Accounting Division reconciles the warrant register to 
SBAS daily, to ensure that warrants written reconcile to warrant 
transactions processed through SBAS. Additionally, the general 
warrant revolving account (accounting entity 07300), through 
which all state warrants are recorded on SBAS, is reconciled 
monthly by the Accounting Division. 

Input controls were adequate to ensure that data received for 
processing was properly authorized and input into the Warrant 
Writing System. 

Processing Controls 

Warrant Writing 


When warrants are written, a corresponding warrant record is 
placed on the outstanding warrants file. Warrants not created by 
the Warrant Writing System, yet controlled by the system for 
clearing purposes (see background section), are added to the 
outstanding warrants file through a warrant edit and load program. 
Before any warrant is written, or any warrant record is added to 
the outstanding file, logical editing of the warrant source informa- 
tion is performed. If errors are detected by the edits, the warrant 
source record is rejected on an error report. The Accounting 
Division corrects rejected warrant source records and reenters 
them in the system. 

When the State Auditor's Office receives the warrants, office 
personnel agree the amount and payee of each all purpose warrant 
to a corresponding warrant transmittal prepared by the applicable 


agency. Central payroll warrants are sequence checked to ensure 
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all warrants are sequentially numbered and no warrants are missing. 
The total amount of multiple vendor warrants submitted via magnetic 
tape is agreed from the warrant transmittal to the warrant register. 

Controls over the blank warrants and signature plates main- 
tained in the State Auditor's Office are adequate. We did not 
U_of M. 

The system utilizes a warrant control file to control the 
warrant numbers used in each warrant writing run. This file is 
updated each run. It provides the system with the necessary 
information to determine that the warrants being printed are prop- 
erly sequenced. 

Warrant Redemption 

The Treasury Division receives warrants and a magnetic tape 
of warrant records that have cleared the bank on a daily basis. 
The physical warrants are first agreed by warrant number and 
amount to the bank tape. Discrepancies are researched and cor- 
rected. Next, the bank tape is processed against the outstanding 
warrants file by warrant series and number. Warrants from the 
bank that match the corresponding record on the outstanding 
warrants file are coded by the system as cashed. 

Cashed warrants are removed from the outstanding warrants 
file at the end of the month after the Monthly Warrant Register is 
prepared. Errors identified by the above process are corrected 
and resubmitted by the Treasury Division. 

We reviewed the processing controls that ensure warrant 


information is properly reflected in the Warrant Writing System. 
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This review included examination of the processing policies and 
procedures followed in the operation of the system. Processing 
controls were adequate to ensure that all transactions were 
processed as intended and that warrants are generated in the 
image of their supporting transfer warrant claim or payroll detail 
record. 

Output Controls 

The Warrant Writing System produces reports to control the 
processing of the system. These reports are used daily to balance 
the outstanding warrant source file and the cashed warrant source 
files. 

Distribution of all-purpose and central payroll warrants is 
controlled by the State Auditor's Office. Warrants are either 
mailed directly to the recipient indicated on the warrant transmittal 
or picked up at the State Auditor's Office. In the latter case, 
agency personnel must be authorized to receive warrants and must 
sign for the warrants received. We did not examine controls over 


the distribution of payroll warrants at MSU or U of M. 

Output controls are adequate to ensure that the State Auditor's 
Office releases warrants only to authorized personnel and _ that 
output reports accurately reflect the results of processing. 

Disaster Recovery 
The Warrant Writing System is included in the Computer 


Services Division disaster recovery plan discussed on page 4 of 


this report. Offsite backup of files is not adequate for the 


Warrant Writing System. 
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